AI Enthusiasts Are Running 'Clawdbot' on Their Mac Minis, but You Probably Shouldn't

I am a self-professed AI skeptic. I have yet to really find much of a need for all these AI-powered assistants, as well as many AI-powered features. The most useful applications in my view are subtle—the rest seem better suited for shareholders than actual people.

And yet, the AI believers have a new tool they're very excited about, which is now all over my feeds: Clawdbot. Could this agentic AI assistant be the thing that makes me a believer as well? Spoiler alert: probably not.

What is Clawdbot?

If you're deep in the online AI community, you probably already know about Clawbot. For the rest of us, here's the gist: Clawdbot is a "personal AI assistant" designed to run locally on your devices, as opposed to cloud-based options. (Think ChatGPT, Gemini, or Claude.) In fact, Clawdbot runs any number of AI models, including those from Anthropic, OpenAI, Google, xAI, and Perplexity. While you can run Clawdbot on Mac, Linux, and Windows, many online are opting to install the bot on dedicated Mac mini setups, leading to one part of the assistant's virality.

But there are other AI assistants that can be run locally—one thing that makes Clawdbot unique is that you communicate with it through chat apps. Which app you use is up to you, as Clawdbot works with apps like Discord, Google Chat, iMessages, Microsoft Teams, Signal, Telegram, WebChat, and WhatsApp. The idea is that you "text" Clawdbot as you would a friend or family member, but it acts as you'd expect an AI assistant to—except, maybe more so.

That's because, while Clawdbot can certainly do the things an AI bot like ChatGPT can, it's meant more for agentic tasks. In other words, Clawdbot can do things for you, all while running in the background on your devices. The bot's official website advertises that it can clear your inbox, send emails, manage your calendar, and check you in for flights—though power users are pushing the tool to do much more.

Clawdbot works with a host of apps and services you might use yourself. That includes productivity apps like Apple Notes, Apple Reminders, Things 3, Notion, Obsidian, Bear Notes, Trello, GitHub; music apps like Spotify, Sonos, and Shazam; smart home apps like Philips Hue, 8Sleep, and Home Assistant; as well as other major apps like Chrome, 1Password, and Gmail. It can generate images, search the web for GIFs, see your screen, take photos and videos, and check the weather. Based on the website alone, it has a lengthy résumé.

The last big point here is that Clawdbot has an advertised "infinite" memory. That means the bot "remembers" every interaction you've ever had with it, as well as all the actions it's taken on your behalf. In theory, you could use Clawdbot to build apps, run your home, or manage your messages, all within the context of everything you've done before. In that, it'd really be the closest thing to a "digital assistant" we've seen on this scale. These assistants have been mostly actionable—you ask the bot what you want to know or what you want done, and it (hopefully) acts accordingly. But the ideal version of Clawdbot would do all those things for you without you needing to ask.

It's not just fans talking about Clawdbot

Not everyone is psyched about Clawdbot, though. Take this user, who jokes that, after four messages, the bot made a reservation, then, after six messages, was able to send a calendar invite, only to cost $87 in Opus 4.7 tokens. This user came up with a story (at least I hope it's a story) where they give Clawdbot access to their stock portfolio and tasked it with making $1 million without making mistakes. After thousands of reports, dozens of strategies, and many scans of X posts, it lost everything. "But boy was it beautiful."

I particularly like this take, which reads: "[I've] made a tragic discovery using [Clawdbot.] [There] simply aren’t that many tasks in my personal life that are worth automating." There are also some jabs from what appear to be anti-AI users, like this one, that imagines a Clawdbot user with no job living in their parent's basement, asking the bot to do their tasks for the day.

As with all things AI, there are many thoughts, opinions, and criticisms here, especially considering how viral this new tool is. But the main critique seems to be that Clawdbot requires a lot (in terms of hardware, power, and privacy) without really offering much in return. Sure, it can do things for you, but do you really need a bot booking your plane tickets, or combing through your emails? The answer to that, I suppose, is up to each of us, but the "backlash," if you can call it that, is likely coming from people who would answer "no."

How to try Clawdbot

If you want to try Clawdbot, you'll likely need to have some technical experience first. You can get started from Clawdbot's official github page, as well as Clawdbot's "Getting started" guide. According to this page, you'll begin by running the Clawdbot onboarding wizard, which will set you up with the gateway, workspace, channels, and skills. This works on Mac, Linux, and Windows, and while you won't need a Mac mini, it seems to be what the Clawdbot crowd is running with.

Full disclosure: Clawdbot and its setup go beyond my expertise, and I will not be installing it on my devices. However, if you have the knowledge to follow these instructions, or the will to learn, the developer has the steps listed in the links above.

How secure is Clawdbot?

While I likely wouldn't install Clawdbot on my device anyway, the privacy and security implications here definitely keep me away.

The main issue with Clawdbot is that it has full control and access over whichever device you run it on, as well as any of the software that is running therein. That makes sense, on the surface: How is an agentic AI supposed to do things on your behalf if it does have access to the apps and hardware necessary for execution?

But the inherent security risk with any program like this involves prompt injection. Bad actors could sneak their own AI prompts into otherwise innocent sites and programs. When your bot crawls the text as it completes your task, it intercepts the prompt, and, thinking it's from you, executes that prompt instead. It's the main security flaw with AI browsers, and it could affect something like Clawdbot, too. And since you've given Clawdbot control over your entire computer and everything in it...yikes. Bad actors could manipulate Clawdbot to theoretically send DMs to anyone they like, run malicious programs, read and write files on your computer, trick Clawdbot into accessing your private data, and learn about your hardware for further cyber attacks.

In Clawdbot's case, these prompt injections could come from a number of sources. They could come from messages via bad actors through the chat apps you communicate through Clawdbot, they could come from the browsers you use to access the internet, and they could come from plugins you run on various programs, to name a few possibilities.

Clawdbot does have a security guide on its site that walks you through ways to shore up your defenses while using Clawdbot. The developer admits that running an AI agent with shell access on your machine is "spicy," that this is both a product and an experiment, and that there is no "perfectly secure" setup. That said, there are security features built in here that serve a purpose and attempt to limit who can access Clawdbot, where Clawdbot can go, and what Clawdbot can do. That could involve locking down DMs, viewing links and attachments as "hostile" by default, reducing high-risk tools, and running modern AI models that have better protections against prompt injection.

Still, the whole affair is too risky for me, especially considering I'm not sure I really want an AI assistant in the first place. I think companies believe we want to offload tasks like calendars, messages, and creation to bots, to save us time from menial to-do lists. Maybe some do, but I don't. I want to know who is reaching out to me and why, and not trust an AI to decide what messages are worth my attention. I want to write my own emails and know what events I have on my own calendar. I also want access to my own computer. Maybe some people trust AI enough to handle all these things for them—if it makes me a luddite to feel the opposite, so be it.

View the full article